<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Users extends CustomSecurity { 


	function Users($db){ 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $email, $password, $priv, $firstname
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($email, $password, $priv, $firstname){ 

		escape_string($email);
		escape_string($password);
		escape_string($priv);
		escape_string($firstname);
		$token=sha1($email.$priv.$firstname.rand(200,4444));

		$statement = "INSERT INTO users (email, password, priv, firstname, token) VALUES ('$email', '$password', '$priv', '$firstname', '$token');";
		$results   = mysql_query($statement);
		$headers = 'From: РъНъТъ@RyNyTy.com' . "\r\n";
		$headers.= 'MIME-Version: 1.0' . "\r\n";
		$headers.= 'Content-type: text/html; charset=UTF-8' . "\r\n";
		$htmlContent = 'За да активирате вашия профил моля отворете тази връзка: http://RyNyTy.com/activate.php?email='.$email.'&token='.$token;
		mail($email, "активация", $htmlContent, $headers);
		
		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()
	


	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "DELETE FROM users WHERE email = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($primaryKeyName, $primaryKeyValue, $columnNameToUpdate, $columnValue){ 

		escape_string($primaryKeyName);
		escape_string($primaryKeyValue);
		escape_string($columnNameToUpdate);
		escape_string($columnValue);

		$statement = "UPDATE users SET $columnNameToUpdate = '$columnValue' WHERE $primaryKeyName = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()
	
	function changePass($oldpass, $newpass){ 

		$email = $_SESSION['user_mail'];
		escape_string($oldpass);
		escape_string($newpass);

		$statement = "UPDATE users SET password = '$newpass' WHERE email = '$email' AND password = '$oldpass' ";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()
	
	
	function changeToodledoId($newId){ 

		escape_string($newId);
		$email = $_SESSION['user_mail'];

		$statement = "UPDATE users SET toodledo_id = '$newId' WHERE email = '$email'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()
	
	function saveToodledoPass($newId){ 

		escape_string($newId);
		$email = $_SESSION['user_mail'];

		$statement = "UPDATE users SET tpass = '$newId' WHERE email = '$email'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()
	
	
	
	function getToodledoId(){ 

		$email = $_SESSION['user_mail'];

		$statement = "SELECT toodledo_id FROM users WHERE email = '$email'";
		$mresults   = mysql_query($statement);
		$tokens[0] = "toodledo_id";
		return transformResults($mresults, $tokens);

	}//End update()
	
	function getToodledoPass(){ 

		$email = $_SESSION['user_mail'];

		$statement = "SELECT tpass FROM users WHERE email = '$email'";
		$results   = mysql_query($statement);
		return  mysql_result($results,0,"tpass");

	}//End update()
	
	
	

	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT email, password, priv, firstname FROM users";
		$results   = mysql_query($statement);
		
		$tokens[0] = 'email';
		$tokens[1] = 'password';
		$tokens[2] = 'priv';
		$tokens[3] = 'firstname';
		
		return transformResults($results, $tokens);

	}//End getAll()


	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyValue, $pwd){ 

		escape_string($primaryKeyValue);
		escape_string($pwd);

		$statement = "SELECT email, password, priv, firstname, id FROM users WHERE email = '".$primaryKeyValue."' AND password = '".$pwd."'";
		$mresults   = mysql_query($statement);
		$tokens[0] = 'email';
		$tokens[1] = 'password';
		$tokens[2] = 'priv';
		$tokens[3] = 'firstname';
		$tokens[4] = 'id';
		
		return transformResults($mresults, $tokens);

	}//End getObject()
	
		/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getUsers($primaryKeyValue){ 
		
		escape_string($primaryKeyValue);

		$statement = "SELECT email, password, priv, firstname FROM users WHERE email = '".$primaryKeyValue."'";
		$mresults   = mysql_query($statement);
		$tokens[0] = 'email';
		$tokens[1] = 'password';
		$tokens[2] = 'priv';
		$tokens[3] = 'firstname';

		return transformResults($mresults, $tokens);

	}//End getObject()
	
	
	function activateuser($memeil, $token){
		escape_string($token);
		escape_string($memeil);
		
		$statement = "SELECT id FROM users WHERE email = '$memeil' AND token = '".$token."'";
		$midofuser = mysql_query($statement);
		
		$tokens[0] = "id"; 
		$idofuser = transformResults($midofuser, $tokens);
		if (count($idofuser) > 0){
			$mid = $idofuser[0][0];
			$statement = "UPDATE users SET token = '', priv = 'guest' WHERE id = '$mid'";
			$results   = mysql_query($statement);
			if($results){
				return 0;
			}else{
				return 1;
			}
		}
		return 1;
	}
	
	function mailActivation($memeil){
		$statement = "SELECT token FROM users WHERE email = '$memeil'";
		$mtokofuser = mysql_query($statement);
		
		$tokens[0] = "token"; 
		$tokofuser = transformResults($mtokofuser, $tokens);
		
		if (count($tokofuser) > 0){
			$mid = $tokofuser[0][0];
			$headers = 'From: РъНъТъ@RyNyTy.com' . "\r\n";
			$headers.= 'MIME-Version: 1.0' . "\r\n";
			$headers.= 'Content-type: text/html; charset=UTF-8' . "\r\n";
			$htmlContent = 'За да активирате вашия профил моля отворете тази връзка: http://RyNyTy.com/activate.php?email='.$memeil.'&token='.$mid;
			mail($memeil, "активация", $htmlContent, $headers);
		}
	}

}//End Class Users
?>